Active Directory (Netdiag) failed test KnowsOfRoleHolders

I have a Windows 2003 network, with a mix of windows 2000 and windows 2003 DCs, one domain, each dept had their own local DC, all servers have the latest service packs installed.

Recently I added tree new DCs, when I run the netdiags on each server, I get this report back:

****************************************************************************************************

DC Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial non skippeable tests
   
   Testing server: Default-First-Site-Name\S-WATER-KP
      Starting test: Connectivity
         ......................... S-WATER-KP passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\S-WATER-KP
      Starting test: Replications
         ......................... S-WATER-KP passed test Replications
      Starting test: NCSecDesc
         ......................... S-WATER-KP passed test NCSecDesc
      Starting test: NetLogons
         ......................... S-WATER-KP passed test NetLogons
      Starting test: Advertising
         ......................... S-WATER-KP passed test Advertising
      Starting test: KnowsOfRoleHolders
         [TOSMAINBAC] DsBind() failed with error 1722,
         The RPC server is unavailable..
         Warning: TOSMAINBAC is the Schema Owner, but is not responding to DS RPC Bind.
         [TOSMAINBAC] LDAP connection failed with error 58,
         The specified server cannot perform the requested operation..
         Warning: TOSMAINBAC is the Schema Owner, but is not responding to LDAP Bind.
         Warning: TOSMAINBAC is the Domain Owner, but is not responding to DS RPC Bind.
         Warning: TOSMAINBAC is the Domain Owner, but is not responding to LDAP Bind.
         Warning: TOSMAINBAC is the PDC Owner, but is not responding to DS RPC Bind.
         Warning: TOSMAINBAC is the PDC Owner, but is not responding to LDAP Bind.
         Warning: TOSMAINBAC is the Rid Owner, but is not responding to DS RPC Bind.
         Warning: TOSMAINBAC is the Rid Owner, but is not responding to LDAP Bind.
         Warning: TOSMAINBAC is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
         Warning: TOSMAINBAC is the Infrastructure Update Owner, but is not responding to LDAP Bind.
         ......................... S-WATER-KP failed test KnowsOfRoleHolders
      Starting test: RidManager
         [S-WATER-KP] DsBindWithCred() failed with error 1722. The RPC server is unavailable.
         ......................... S-WATER-KP failed test RidManager
      Starting test: MachineAccount
         ......................... S-WATER-KP passed test MachineAccount
      Starting test: Services
         ......................... S-WATER-KP passed test Services
      Starting test: ObjectsReplicated
         ......................... S-WATER-KP passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... S-WATER-KP passed test frssysvol
      Starting test: kccevent
         ......................... S-WATER-KP passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC0001F60
            Time Generated: 04/03/2007   12:25:00
            Event String: The browser service has failed to retrieve the

         ......................... S-WATER-KP failed test systemlog
   
   Running enterprise tests on : TOSMAIN.local
      Starting test: Intersite
         ......................... TOSMAIN.local passed test Intersite
      Starting test: FsmoCheck
         Error: The server returned by DsGetDcName() did not match DsListRoles() for the PDC
         ......................... TOSMAIN.local passed test FsmoCheck

*************************************************************************************************

The other DCs on the network come back clean. The TOSMAINBAC server failed with the blue screen of death, I have since replaced this DC, alll other DCs recognize the new DC, except for these 3 DCs. I was unable to demote this failed DC

I would usually just seize the roles, but I am concerned because that all the other DCs see the correct server who now holds the roles.

Secondly, this TOSMAINBAC is still listed in the AD, it will not all me to remove.
LVL 3
AccessYourBiz_ComAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Shift-3Commented:
Make sure that all DCs have the correct DNS server IPs selected in their TCP/IP Properties.

Back up the System State on all DCs before changing anything.

Seize all the FSMO roles.
http://support.microsoft.com/kb/255504

Assuming you have a single-domain forest, make all your DCs Global Catalog servers.
http://support.microsoft.com/kb/313994

Manually remove TOSMAINBAC from Active Directory using NTDSUTIL.
http://support.microsoft.com/kb/216498

Remove TOSMAINBAC from Active Directory Sites and Services if it still appears there.
0
AccessYourBiz_ComAuthor Commented:
Just wanted to double check, all other DCs know the correct role holder, just these three do not, should I go ahead seizing the roles on these DCs?
0
AccessYourBiz_ComAuthor Commented:
When I run, ntsdutil on the problem server, the select roles, then connections, when I enter the comand "connect to server [servername]", I receive an error message

Binding to [servername]
DSBindW error 0x57(the parameter is incorrect)

if I run the same command (connect to server [servername] on any other controller in the domain, (except the 3 problem servers) the connection is successful.

Thanks
Steve
 
0
Shift-3Commented:
You may want to run DCDIAG and REPADMIN first to make sure these DCs are replicating correctly.  A replication problem could account for the disparity in FSMO listings.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AccessYourBiz_ComAuthor Commented:
Thanks for your reply, in this case I know they are not replicating correctly, the errors I listed earlier are from the dcdiag program. When using the ntdsutil to connect to the PDC, I tried both the IP and the DNS name with no success.

Thanks
Steve
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.